Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > SSO

Reply
 
 
AM
Guest
Posts: n/a
 
      12-26-2008
Hi All,
I know this question has been posted many times in this group and I did went
through and implemented the solution in my ASP.Net 2.0 Internet facing
application

I am using
IIS for integrated authentication
and ASP.NET for Windows authentication (<authentication mode="Windows" />)
as Dominick Suggested.
It works as expected, I sign into one app and I can go to my app2 and I am
already logged in

My Apps are set as follow
www.mydomain.com/app1
www.mydomain.com/app2
www.mydomain.com/app3

I am able to navigate to all 3 apps, back and forth without any issue.
The problem is my data is very sensitive, I want to make sure that once
users session times out after 15 minutes of inactivity the authentication
should be timed out too, meaning after 15 minutes of inactivity all my
session are cleared and I want user to be asked to re-login after sesson
expires.

In this case even after one hour of inactivity user can click on menu and it
will not ask him to relogin.
Is there any setting at AD level that I can set?

I am open for any other suggestion which does not require any form of cookies.

Thanks
AM

 
Reply With Quote
 
 
 
 
Joe Kaplan
Guest
Posts: n/a
 
      12-27-2008
Unfortunately, integrated Windows authentication is not designed to work
that way, so there isn't a really clean way to accomplish that.

Forms authentication typically supports things like idle timeout, but with
it you lose the SSO experience.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"AM" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi All,
> I know this question has been posted many times in this group and I did
> went
> through and implemented the solution in my ASP.Net 2.0 Internet facing
> application
>
> I am using
> IIS for integrated authentication
> and ASP.NET for Windows authentication (<authentication mode="Windows" />)
> as Dominick Suggested.
> It works as expected, I sign into one app and I can go to my app2 and I am
> already logged in
>
> My Apps are set as follow
> www.mydomain.com/app1
> www.mydomain.com/app2
> www.mydomain.com/app3
>
> I am able to navigate to all 3 apps, back and forth without any issue.
> The problem is my data is very sensitive, I want to make sure that once
> users session times out after 15 minutes of inactivity the authentication
> should be timed out too, meaning after 15 minutes of inactivity all my
> session are cleared and I want user to be asked to re-login after sesson
> expires.
>
> In this case even after one hour of inactivity user can click on menu and
> it
> will not ask him to relogin.
> Is there any setting at AD level that I can set?
>
> I am open for any other suggestion which does not require any form of
> cookies.
>
> Thanks
> AM
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sso =?Utf-8?B?QVZM?= ASP .Net 0 04-04-2005 04:17 AM
Java SSO - Is this a standard? Lucas Tam ASP .Net 1 03-10-2005 10:21 PM
Single Sign On(SSO) and Active Directory (AD) daniel ASP .Net 3 02-02-2005 01:45 PM
How to implement SSO on ASP.NET application using Sun One agent ? CV ASP .Net 1 10-05-2004 11:20 PM
SSO in WebApplication, Help Rick Z Java 1 09-26-2004 11:29 AM



Advertisments